Free Malware Removal Forum

Welcome to MalwareRemoval.com,What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Welcome to the Malware Removal forums. I will be more than happy to help you work on your problems.
Please give me some time to review your log as this can be a lengthy process. As soon as a MR Staff Expert reviews my fix, I will post it for you.
In the mean time, if any problems occur. Please let me know.
Please only use this topic to reply to. Do not start another thread.The fixes we will use are specific to your problems and should only be used for this issue on this machine.If youâ€™re unsure of anything at all please stop and ask!

1. Disconnect infected computer from the internet and from any networked computers until the computer can be cleaned.

2. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passords and transaction information.

******************************

You may want to print out these instructions or copy them to notepad since you will not have internet access during some of our fixes

You are currently using HijackThis from a temporary directory; this can cause problems.
HijackThis creates backups, these are needed in case of any recovery issues.
Please create a directory on your C:\ drive called C:\HJT, download and unzip HijackThis into that directory. Run the program from that directory from now on.

STEPS For Creating Folder1. Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.

2. Download HijackThis to the new folder:

3. Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.

********************************

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

My Web Search [You may also want to uninstall any of the following items associated with FunWebProducts.]My Web Search (Smiley Central or FWP product as applicable)My Way Speedbar (Smiley Central or other FWP as applicable)My Way Speedbar (AOL and Yahoo Messengers) (beta users only)My Way Speedbar (Outlook, Outlook Express, and IncrediMail)Search Assistant - My Way

ISTsvcErrorguard

Please note any other programs that you dont recognize in that list in your next response

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below. [b]

Launch ewido, there should be an icon on your desktop, double-click it.

The program will now open to the main screen.

When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

You will need to update ewido to the latest definition files.

On the left hand side of the main screen click update.

Then click on Start Update.

The update will start and a progress bar will show the updates being installed.(the status bar at the bottom will display ("Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updates

Once the updates are installed do the following:

Click on scanner

Click on Complete System Scan and the scan will begin.

You will be prompted to clean the first infection.

Select "Perform action on all infections", then proceed.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

Click Save report.

Save the report .txt file to your desktop or a location where you can find it easily.

Close ewido anti-malware. Reboot your computer

*******************************

In your next post, please post a fresh HJT log and the results of your Ewido Anti-Malware Scan. It might be better for you to post the Ewido log in a separate post so that it won't get cut off. Also, please let me know how your computer is running.

In your next post, please post a fresh HJT log and the results of your Ewido Anti-Malware Scan. It might be better for you to post the Ewido log in a separate post so that it won't get cut off. Also, please let me know how your computer is running.

In your next post, please post a fresh HJT log and the results of your Ewido Anti-Malware Scan. It might be better for you to post the Ewido log in a separate post so that it won't get cut off. Also, please let me know how your computer is running.

My pc seems to be running a lot quicker at first glance got to go out know though will have a better look later on. ? am i safe though

cheers sumo

In your next post, please post a fresh HJT log and the results of your Ewido Anti-Malware Scan. It might be better for you to post the Ewido log in a separate post so that it won't get cut off. Also, please let me know how your computer is running.

Congratulations, your log looks clean! Are you having any other troubles?

First, Lets reset system restoreReset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOTon a regular basis

Let's enable your Microsoft AntiSpyware Real-time Protection.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options check Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection check Enable real-time spyware threat protection (recommended).
After you check these, click on the Save button and close Microsoft AntiSpyware.

There are a few other very important things you should follow to avoid getting reinfected:

Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
See here to choose one

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.

SpywareBlaster - Great prevention tool to keep nasties from installing on your system.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.

IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

The programs you have installed look ok. Fix.reg isn't actually a program. It was just a registry fix that help remove some of the leftover malware registry items. You can remove that file from your desktop.

I don't exactly know what hurl or hurl-1 are, but I assume that they are shortcuts to the same file. If you would like me to take a look at it, please right click on the icon, select properties and copy and paste the contents of target into this post.

Are you having any other specific problems with your computer? Your last log looked clean, but if you are having any other difficulties, please post back here w/ a fresh HJT log and details about the problems you are having.

Who is online

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.